A group of four Democratic members of the Senate Banking Committee, including Chairman Sherrod Brown, recently sent a letter to CFPB Director Chopra to express their concerns regarding the emergence of voice cloning technology and its potential exploitation in financial scams.  The Senators ask the CFPB to “review the risks posed by this new technology as soon as practicable and take action under the CFPB’s existing authorities to protect consumers.”

Voice cloning is the process of reproducing an individual’s voice with high accuracy using artificial intelligence  and machine learning techniques.  In their letter, the Senators describe the potential for voice cloning to be used to perpetrate financial scams by allowing fraudsters to generate voice clips that impersonate “friends, family, or potentially even financial advisors and bank employees.”  They observe that hearing trusted voices amplifies the risk of consumers falling victim to scams.  (The Senators reference a recent FTC consumer alert about the use of voice cloning by scammers.)  The Senators also express their concern that financial institutions themselves, particularly those using voice authentication systems, may be vulnerable to breaches powered by artificially generated voice clips but “do not have a uniform and robust approach to detecting and preventing AI-driven threats, leaving consumers vulnerable to harm.”

In their letter, the Senators note that “[f]inancial scams already impose significant hardships on unsuspecting consumers, who often have no reimbursement recourse from banks and peer-to-peer payment apps.”  Last July, Senator Brown and other Democratic members of the Senate Banking Committee sent a letter to Director Chopra asking that the CFPB issue guidance stating that a fraudulently induced P2P transaction is an “unauthorized electronic fund transfer” (EFT) under the EFTA so as shift liability for such transactions from consumers to financial institutions.

Under the EFTA and Regulation E, consumers who provide a bank with timely notice of an error that the bank determines to be an “unauthorized EFT” are entitled to EFTA/Regulation E liability protection.  The EFTA and Regulation E provide that an “unauthorized EFT” is an EFT from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit.  The existing Regulation E Official Staff Commentary specifically states that an unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery, stopping well short of covering transactions initiated by the consumer as the result of fraud.  If the CFPB were to interpret the EFTA as suggested by the Senators, it would conflict with the statutory text by requiring banks to treat fraudulently induced transactions as unauthorized EFTs even when they are initiated by the consumer with the result that banks would be required to repay the amount of such transactions to consumers.